3Com Internetworking Concepts Guide

Upload: raul-figueroa

Post on 07-Apr-2018


  • 8/3/2019 3Com Internet Working Concepts Guide

    1/79


    3Com Corporation • 5400 Bayfront Plaza • Santa Clara, California • 95052-8145

    3Com Europe Limited, 1997. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without permission from 3Com Europe Limited.

    3Com Europe Limited reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Europe Limited to provide notification of such revision or change.

    3Com Europe Limited provides this documentation without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

    UNITED STATES GOVERNMENT LEGENDS:

    If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following restricted rights:

    For units of the Department of Defense:

    Restricted Rights Legend: Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) for Restricted Rights in Technical Data and Computer Software Clause at 48 C.F.R. 52.227-7013. 3Com Europe Limited, c/o Merchants House, Wilkinson Road, Cirencester, Gloucestershire, GL7 1YT, United Kingdom.

    For civilian agencies:

    Restricted Rights Legend: Use, reproduction or disclosure is subject to restrictions set forth in subparagraph (a) through (d) of the Commercial Computer Software Restricted Rights Clause at 48 C.F.R. 52.227-19 and the limitations set forth in 3Com Corporation's standard commercial agreement for the software. Unpublished rights reserved under the copyright laws of the United States.

    If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard-copy documentation, or on the removable media in a directory file named LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

    Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

    3Com, AccessBuilder, Boundary Routing, EtherLink, NETBuilder, OfficeConnect and SuperStack are registered trademarks of 3Com Corporation. ServiceConnect is a trademark of 3Com Corporation.

    AppleTalk, AppleShare, EtherTalk, LaserWriter, LocalTalk, Macintosh, and TokenTalk are registered trademarks of Apple Computer, Inc. Novell, NetWare and Yes NetWare are registered trademarks of Novell Inc. Windows, Windows 95 and the Windows logo are registered trademarks of Microsoft Corporation. VT100 is a registered trademark of Digital Equipment Corporation. UNIX is a registered trademark, licensed exclusively through X/Open Company Ltd.

    Other brand and product names may be registered trademarks or trademarks of their respective holders.

    Environmental Statement:

    It is 3Com's policy to be environmentally friendly in all its operations. This manual is printed on paper that comes from sustainable, managed European forests. The production process for making the pulp has a reduced AOX level (adsorbable organic halogen) resulting in elemental chlorine-free paper.

    This paper is fully biodegradable and recyclable.

    CONTENTS

    ABOUT THIS GUIDE
        Finding Specific Information in This Guide
        Conventions
        Related Documentation

    1 INTERNETWORKING OVERVIEW
        Introduction
        The OSI Reference Model
        Application Layer
        Presentation Layer
        Session Layer
        Transport Layer
        Network Layer
        Data Link Layer
        Physical Layer
        Protocols
        Addressing
        Link Layer (MAC) Addresses
        Network Layer Addresses
        Internetworking Devices
        Gateways and Hosts
        Routers
        Bridges
        Repeaters

    2 THE INTERNET PROTOCOLS
        Introduction
        The Internet Protocol Suite
        Internet Protocol (IP)
        Transmission Control Protocol (TCP)
        User Datagram Protocol (UDP)
        Other Protocols
        Routing Information Protocol (RIP)
        Serial Line Internet Protocol (SLIP)
        Point-to-Point Protocol (PPP)
        Simple Mail Transport Protocol (SMTP)
        Simple Network Management Protocol (SNMP)
        File Transfer Protocol (FTP)
        Telnet
        IP Addressing
        IP Address Classes
        Class A
        Class B
        Class C
        Class D
        Class E
        IP Address Notation
        Subnetting
        Subnet Masks
        Worked Example
        Define the Subnet Mask
        Assign the Host Address

    3 NETWARE PROTOCOLS
        NetWare Internetworking Protocols
        The IPX Protocol
        IPX Addressing
        Novell Routing Information Protocol (NRIP)
        Service Advertisement Protocol (SAP)

    4 APPLETALK
        Introduction
        About AppleTalk
        AppleTalk Addressing
        Network Nodes
        Network Numbers
        Zone Names
        AppleTalk Named Objects
        AppleTalk Routers
        Seed and Non-Seed Mode

    5 BRIDGING INTERNETWORKS
        Introduction
        Bridging Versus Routing
        Bridging Concepts
        Bridging and the OSI Reference Model
        Transparent Bridging
        Learning
        Filtering
        Forwarding
        Active Loops
        Broadcast Storms
        Incorrect Learning of MAC Addresses
        Spanning Tree
        Spanning Tree Problems
        Local and Remote Bridging
        Advantages and Disadvantages of Bridging
        Advantages
        Disadvantages

    6 ROUTING INTERNETWORKS
        Introduction
        Routing Concepts
        Routing Tables
        Static Routes
        Switching
        Routing and the OSI Reference Model
        Bridge/Router
        Routing Protocols
        IPX Routing
        IP Routing
        Advantages
        Disadvantages

    7 REMOTE ACCESS USING ISDN
        Introduction
        How ISDN Works
        ISDN Logical Channels
        ISDN User Interface Standards
        ISDN for Remote Access
        Primary Link Backup
        Dial on Congestion
        Dial-on-Demand
        Telecommuting
        Security Management
        Minimizing Costs

    GLOSSARY

    INDEX

    ABOUT THIS GUIDE

    About This Guide provides an overview of this guide, describes guide conventions, tells you where to look for specific information, and lists other publications that may be useful.

    This guide describes some of the basic principles behind common internetworking technologies.

    This guide is intended for internetworking novices and those who wish to improve their internetworking knowledge.

    Finding Specific Information in This Guide

    This table shows the location of specific information in this guide.

    If you are looking for:                                  Turn to:
    An introduction to the principles of internetworking.    Chapter 1
    An introduction to Internet Protocols.                   Chapter 2
    An introduction to Novell NetWare.                       Chapter 3
    An introduction to AppleTalk.                            Chapter 4
    An introduction to bridges and bridging.                 Chapter 5
    An introduction to routers and routing.                  Chapter 6
    An introduction to ISDN.                                 Chapter 7
    A glossary of internetworking terms.                     Glossary

    Conventions

    Table 1 and Table 2 list conventions that are used throughout this guide.

    Table 1 Notice Icons

    Notice Type        Description
    Information note   Important features or instructions
    Caution            Information to alert you to potential damage to a program, system, or device
    Warning            Information to alert you to potential personal injury

    Table 2 Text Conventions

    Convention                 Description
    Words in italicized type   Italics emphasize a point or denote new terms at the place where they are defined in the text.
    Words in bold-face type    Bold text denotes key features.

    Related Documentation

    This document is intended as additional background and preparatory information for the following documents from each document set:

    • Getting Connected Guide.

    • Software Reference.

    1 INTERNETWORKING OVERVIEW

    This chapter gives a basic overview of the internetworking environment. The information provided here is intended as a foundation to the remainder of the chapters in this guide.

    Introduction

    One of the most challenging tasks in the computer industry is moving information between computers of diverse design. This linking of computer systems, software, and communications devices into strategic infrastructures is called internetworking.

    In an effort to standardize the various protocols and make the networking implementations of different vendors interoperable, the International Standards Organization (ISO) developed the Open Systems Interconnection (OSI) reference model. Although other models have been proposed, it is the OSI reference model that has become the industry standard to describe how data communications take place.

    The OSI Reference Model

    The OSI Reference Model provides a common basis for the coordination of standards development for systems interconnection, whilst allowing existing standards to be placed into perspective within its structure.

    The OSI model separates the functions required for effective computer communications (such as error-checking and addressing) into seven layers. This was agreed by the organizations involved as an appropriate number for achieving a manageable analysis of the functions involved in data communication.

    Each layer sends packets of information to the layers above and below it, but each layer only understands information that comes from the same layer on another stack.

    The layers are numbered from one to seven. Layer seven is the layer closest to the user and layer one can be considered the layer closest to the computer hardware. This layer structure is illustrated in the table below and then described in greater detail.

    Table 1-1 The Seven Layers of the OSI Reference Model

    Layer  Function      Description
    7      Application   Selects appropriate service for applications (user interface).
    6      Presentation  Provides code conversion and data reformatting.
    5      Session       Co-ordinates interaction between end-to-end application processes.
    4      Transport     Provides end-to-end data integrity and quality of service.
    3      Network       Switches and routes information to the appropriate network device.
    2      Data Link     Transfers units of information to other end of the physical link.
    1      Physical      Performs transmission/reception on the network medium.

    Application Layer

    The application layer is the layer closest to the user. It provides information services to support the application processes which reside outside of the OSI model.

    Presentation Layer

    The presentation layer formats the data which is presented to the application layer. It ensures that data from the application layer of one system is readable by the application layer of another system. In simple terms, it can be viewed as a translator of information.

    Session Layer

    The session layer allows two applications to synchronize and manage their data exchange. It sets up a communication channel between two application or presentation layers for the duration of the network transaction, manages the communication, and terminates the connection. This is known as a session.

    Transport Layer

    The transport layer is the interface between the layers concerned with application issues, and those concerned with data transport issues. It provides the session layer with reliable message transfer facilities. It also offers transparent transfer of data between end stations, error recovery, and flow control. You could say that it provides a transparent pipe for the interchange of information, supporting whatever level of reliability is appropriate for the application.

    Network Layer

    The network layer controls the operation of the network or subnetwork. It decides which physical path the data should take based on such factors as network conditions and priorities of service. It establishes, maintains and terminates connections between end-systems, taking care of all addressing, routing, and facility selection.

    Data Link Layer

    The data link layer provides reliable transmission of data across a physical link. By providing error control, it allows the network layer to assume error free data transmission.

    Physical Layer

    The physical layer handles the electrical and mechanical interface to the communications media. This includes procedures for activating, maintaining, and de-activating the physical connection. It is responsible for converting data from the layers above it into electrical signals compatible with the communications media.

    Protocols

    Protocols are sets of rules that define how different parts of a network interact to allow devices to communicate with one another. They provide a common language to allow different vendors' computer equipment to communicate with each other. The different devices can use completely different software, provided that each device's software can agree on the meaning of the data.

    Protocols can describe low-level details of machine-to-machine interfaces (like the order in which bits and bytes are sent across the wire) or high-level exchanges between application programs (the way in which two programs transfer a file across the Internet). Various protocols work at different layers of the seven-layer OSI reference model (Figure 1-1).

    Figure 1-1 Protocols and the OSI Reference Model (figure not reproduced). Layers shown: Physical, Data Link, Network, Transport, Session, Presentation, Application. Protocols shown: Ethernet and other hardware, Link Level Control, ARP, RARP, Internet Protocol (IP) and Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), UDP, Telnet, File Transfer Protocol (FTP), NFS.

    Usually several protocols operate simultaneously to give full network functionality. In most cases, multiple protocols in an internetworking environment are related to one another as members of what is known as a protocol stack (sometimes called a protocol suite).

    Data to be transported between two stations on a network is split into manageable blocks called packets (frames in bridging terminology). In addition to the data being transferred, each packet contains control information used for error checking, addressing, and other purposes.

    The content of the control information is defined by the network protocols used. Often multiple protocols co-exist within a single packet with each protocol defining a different part of the packet control information.

    When multiple protocols are used, the protocol control information is appended to the data in sequential order corresponding with the OSI reference model: the highest layer protocol first, then each subsequent protocol in the protocol stack. This process is called enveloping (Figure 1-2).

    Figure 1-2 Enveloping

    The enveloping pattern illustrated here is common in the communications industry. However, the tasks assigned to each protocol in the packet differ for different vendors' implementations.

    Addressing

    Addressing is a vital part of internetworking technology. The location of each device on a network must be uniquely identified in order for information to be directed to it. The two main types of network address are described in the following paragraphs.

    Link Layer (MAC) Addresses

    Link layer addresses are also known as physical, hardware or MAC addresses. They are usually unique for each networked device.

    Link layer addresses exist at layer two of the OSI reference model. Most networked devices have only one physical network connection and thus have only one link layer address.

    Network Layer Addresses

    Network layer addresses are also known as logical or virtual addresses. They are usually in a hierarchical format, like a postal address. This means they can be sorted as they go along, because each line of the address narrows the search.

    Network layer addresses usually exist at layer three of the OSI reference model. Their format varies according to the protocol used.

    Internetworking Devices

    The OSI Reference Model provides a simple representation of how information moves through a network. It can serve as a basis for understanding and characterizing an overall networking strategy. The relationship of the various internetworking devices to the OSI Reference Model is shown in Figure 1-3.


    Routers

    Routers usually operate at the Network layer (they may sometimes operate as part of the transport layer too). They connect networks into internetworks that are physically unified, but in which each network retains its identity as a separate network environment. A router's primary purpose is to find the best path from one network environment to another and forward packets between them.

    Bridges

    Bridges operate at the Data Link layer. They usually connect similar network environments into logical and physical single internetworks. Latterly, translation bridges have been developed to connect dissimilar LAN types. Bridges store and forward data in frames, and are transparent end-to-end stations.

    Repeaters

    Repeaters operate at the Physical layer. They receive transmissions (bits) on a Local Area Network (LAN) segment and regenerate the bits to boost a degraded signal and to extend the length of the LAN segment. They are not technically internetworking devices because they only extend to a single logical LAN segment, but they are typically spoken of as one.

    2 THE INTERNET PROTOCOLS

    This chapter provides a basic introduction to the Internet protocols.

    Introduction

    The Internet protocols can be used to communicate across any set of like-minded interconnected networks. They are equally well suited for local area network (LAN) and wide area network (WAN) communications. They are vendor independent and can support multiple technologies. The standards documents are called RFCs and are written and maintained by the Internet Engineering Task Force (IETF). Copies of the RFCs can be found on the IETF website which is currently located at the following URL:

    http://www.ietf.cnri.reston.va.us/

    The Internet Protocol Suite

    The Internet protocol suite consists of a well-defined set of communications protocols and several standard application protocols. Transmission Control Protocol/Internet Protocol (TCP/IP) is probably the most widely known and is a combination of two of the protocols (IP and TCP) working together. TCP/IP is an internationally adopted and supported networking standard which provides connectivity between equipment from many vendors over a wide variety of networking technologies.

    Internet Protocol (IP)

    The Internet Protocol defines a connectionless data delivery service between networked devices. Packets of data are sent as datagrams across the network. Large packets may be broken into several datagrams which are each sent individually across the network. Each datagram carries its full destination address and control information. It is routed through the network independent of all other datagrams. No connections or logical circuits are established between the devices that are communicating.

    A datagram consists of a header and a data segment. The header contains routing and processing information. The data segment contains the actual data to be transferred.

    Transmission Control Protocol (TCP)

    The Transmission Control Protocol works with IP to provide reliable delivery. It ensures that the various datagrams which make up a single packet of information are reassembled in the correct order at their destination address. It also ensures that missing datagrams are resent until they are received intact.

    The primary purpose of TCP is to avoid the loss, damage, duplication, delay, or misordering of packets that can occur under IP. When IP forwards datagrams, there is no guarantee that the datagrams will arrive. If they do arrive, they will not necessarily be in the correct order. TCP adds reliability to IP. It also provides security mechanisms.

    User Datagram Protocol (UDP)

    The User Datagram Protocol is an alternative to TCP. It also provides data transfer, but without many of the reliable delivery capabilities of TCP. UDP is faster than TCP because it has fewer security features, and is useful when guaranteed data delivery is not of paramount importance.

    Other Protocols

    In addition to the lower layer protocols described above, the suite contains numerous other protocols that support applications such as file transfer, electronic mail, network management, and remote login. Some common IP protocols are described below.

    Routing Information Protocol (RIP)

    To route packets in an internetwork, IP uses a dynamic routing protocol called the Routing Information Protocol (RIP). Today RIP is the most commonly used Interior Gateway Protocol (IGP) in the Internet community. The primary function of RIP is to inform routers about other routers on the network.

    Different protocols use differing network characteristics or metrics when making routing decisions. The metric commonly employed by RIP is a Hop Count. A hop count is defined by the number of routing nodes there are between the source and destination units.

    Approximately every 30 seconds, each IP router will advertise to all other routers on the internetwork how many hops it takes to reach all connected logical networks. This count is based on the router's network position and the state of its physical links. In this way each router has up-to-date information about the state of the network, enabling it to make (and assist other routers to make) decisions about the best routes to use for data transmission.

    Serial Line Internet Protocol (SLIP)

    SLIP transmits IP packets over serial lines. If using SLIP, the network must use TCP/IP as its primary means of communication between resources. A SLIP connection only allows one communication application to be active at any one time.

    Point-to-Point Protocol (PPP)

    PPP also transmits packets over serial point-to-point links. It is one of the most popular methods for dial up connections to the Internet, because it allows other standard protocols to be used (such as TCP/IP and Novell IPX) over standard telephone connections. PPP can also be used for LAN connections. It supports multiple communications applications and is widely used with ISDN links.

    PPP does introduce an additional connection time overhead. It is also more complex to configure in networked devices as much of the additional information it uses is unique to the connecting service.

    Simple Mail Transport Protocol (SMTP)

    SMTP transfers e-mail from one server to another across the network. End users must use the Post Office Protocol (POP) to transfer the messages to their machines.

    Simple Network Management Protocol (SNMP)

    SNMP is used to manage nodes and/or devices on an IP network. It provides a means to monitor and set network configurations and runtime parameters. It may also be used to gather statistical information about network performance.

    File Transfer Protocol (FTP)

    FTP provides a way to move files between computer systems. It is a widely used way of transferring files to and from the Internet and is relatively simple to operate.

    Telnet

    Telnet is the Internet standard terminal-emulation protocol for connecting to remote terminals. When Telnet is used to connect to a remote device, the user can use that remote machine as if it were local to them.

    IP Addressing

    Each device (or host) on the Internet is assigned a unique address. These devices/hosts may be personal computers, communications servers, ports on a communications server, internetwork routers, network control servers, or UNIX machines.

    Some devices, such as routers, have physical connections to more than one network, and these must normally be assigned a unique internet address for each network connection. The internet then behaves like a virtual network, using these assigned addresses when sending or receiving packets of information.

    Each internet address has a 32-bit address field. This field is split into two parts: the first part identifies the network on which the host resides, and the second part identifies the host itself. Thus hosts attached to the same network share a common prefix designating their network number.

    IP Address Classes

    There are five classes of IP address. Each begins with a unique bit pattern, which is used by the Internet software residing on network hosts to identify the address class. Once the internet software has identified the address class, it can determine which bits represent the network number and which bits determine the host portion of the address.

    Any of the address classes can be used in a private TCP/IP network, providing that connections outside of that private network (to other TCP/IP networks) are never needed.

    If a private IP addressing number scheme is established within a private corporate network, connections out of that network to external public or other private TCP/IP networks can be achieved via a computer which has software enabling it to act as an IP gateway. This will, if configured correctly, provide the IP numbering/address translation between the networks.

    All registered IP addresses are assigned by InterNIC. The InterNIC website is currently located at the following URL:

    http://ds.internic.net/

    Class A

    A Class A network address has the highest order bit set to zero, a seven-bit network number, and a 24-bit local host address. Class A addressing can specify up to 126 networks with up to 16,777,214 hosts per network.

    Class B

    A Class B network address has the two highest order bits set to 1-0, a 14-bit network number, and a 16-bit local host address. Class B addressing can specify up to 16,382 networks with up to 65,534 hosts per network.

    Class C

    A Class C network address has the three highest order bits set to 1-1-0, a 21-bit network number, and an 8-bit local host address.

    The various notations for IP addresses and their masks are illustrated in Figure 2-1.

    Figure 2-1 IP Address Notation

    Valid network numbers for Classes A to D are given below where hhh represents the host portion of the address which is assigned by the network administrator.

    • Class A: 001.hhh.hhh.hhh to 126.hhh.hhh.hhh

    • Class B: 128.001.hhh.hhh to 191.254.hhh.hhh

    • Class C: 192.000.001.hhh to 223.255.254.hhh

    • Class D: 224.000.000.000 to 239.255.255.255

    Subnetting

    IP addresses consist of a 32-bit address field, which is divided into two parts: the network identifier and the host identifier. This addressing scheme creates a two-level hierarchy with two major benefits:

    • Routing tables only have to contain routes to each network (not to each host).

    • Host addresses can be assigned by a local administrator (not a central site).

    However, the increasing popularity of the TCP/IP protocol suite and the explosive growth of the Internet created problems with this two-level addressing hierarchy.

    • Local administrators had to request a new network number from the Internet when a new network was installed.

    • There was tremendous growth in the size of routing tables maintained by IP routers.

    These problems were solved by adding a further level of hierarchy to the IP addressing structure. Instead of a two-level (network, host) hierarchy, a three-level (network, subnet, host) hierarchy was created. Each organization is now assigned one (at most a few) network number from the Internet. The organization is then free to assign a distinct subnetwork number for each of its internal networks. This solves the first problem of required registration of network numbers for new segments.

    The second problem is solved by guaranteeing that the subnet structure of a network is never visible outside the group of networks implementing it. The route from the Internet to any subnet of a given IP address is the same, no matter which subnet the destination host is on. The local routers need to differentiate between subnets, but as far as the IP routers outside of the autonomous system (AS) are concerned, all of the subnets in an autonomous system are collected into a single routing table entry.

    Different routing protocols operating at layers three and four may still cause the second problem to occur. If this is the case, specific router configuration is required.

    Subnet Masks

    A subnet mask allows the host portion of an IP address to be furtherdivided into two parts: the subnet number and the host on thesubnet. Basically, masks determine how much of the address relatesto the network, and how much relates to the host.

    A 32-bit subnet mask defines the division between subnet numberand host number (see Figure 2-2).

    Figure 2-2 Subnet Masking

    - Subnet mask bits which are set to zero (0) identify the subnet host number. Host bits always begin with the least significant bit and work towards the most significant bit.

    - Subnet mask bits which are set to one (1) identify either the original network number, or part of the subnet number. Network bits always begin with the most significant bit and work towards the least significant bit.

    The subnet mask consists of a similar field structure to that of the IP address. For example, a subnet mask of 255.255.0.0 would mean that the first two three-digit bytes of the IP address (the fields masked by 255.255) are to be recognised and used as the network address, and the last two bytes (those set to 0.0) are to be used to identify the host address.

    An alternative way of expressing a subnet mask is a single number indicating how many bits of the IP address are to be used for the network address. For example 255.255.0.0 can be expressed as 16 whilst 255.255.255.192 can be expressed as 24. Some vendors require the use of this notation when configuring bridges and routers.

    Worked Example

    You have been allocated a Class C IP address of 193.1.2.0. You need to establish two subnets, each of which must support up to 62 hosts.

    Remember that with a Class C address, only the last octet is available for hosts.

    Define the Subnet Mask

    1 Express the IP address in binary format:

    193.1.2.0 = 11000001.00000001.00000010.00000000

    2 You need two subnets, so you need two binary digits.

    3 You need two bits (four possible combinations) for two subnets because 00 and 11 cannot be used. Thus, only 01 and 10 are available.

    Select the two most significant bits of the host portion of the IP address to define the subnets.

    11000001.00000001.00000010.00000000

    4 Define the subnet mask with all network and future subnet bits set to one, and all future host bits set to zero.

    This subnet mask must be configured on each host and defined for each router.

    Network Number: 193.1.2.0

    11000001.00000001.00000010.00000000

    Subnet Mask: 255.255.255.192

    11111111.11111111.11111111.11000000


    Assign the Host Address

    You can now identify the range of addresses which can be assigned to hosts on each subnet.

    Subnet 1:      193.1.2.64    11000001.00000001.00000010.01000000
    Low address:   193.1.2.65    11000001.00000001.00000010.01000001
    High address:  193.1.2.126   11000001.00000001.00000010.01111110

    Subnet 2:      193.1.2.128   11000001.00000001.00000010.10000000
    Low address:   193.1.2.129   11000001.00000001.00000010.10000001
    High address:  193.1.2.190   11000001.00000001.00000010.10111110
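The worked example above, carried through in code. This is an added example, not part of the 3Com guide; it generalizes the same steps to Class A and B networks and follows the guide's rule that the all-zeros and all-ones subnet numbers are not used. The function names are illustrative.

```python
# Added example: classful subnet planning, following the guide's worked example.
CLASS_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}


def to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """Convert a 32-bit integer to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Render a 32-bit integer as four dot-separated binary octets."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def address_class(value):
    """Return the address class from the first octet."""
    first_octet = value >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    raise ValueError("only Class A, B and C networks can be subnetted")


def plan_subnets(network, subnets_needed, hosts_per_subnet):
    """Derive the subnet mask and the host range of every usable subnet."""
    net = to_int(network)
    host_field = 32 - CLASS_NETWORK_BITS[address_class(net)]
    if net & ((1 << host_field) - 1):
        raise ValueError("network number must have an all-zero host field")

    # n subnet bits give 2**n - 2 usable subnets, because the all-zeros and
    # all-ones subnet numbers are excluded (steps 2 and 3 of the example).
    subnet_bits = 2
    while (1 << subnet_bits) - 2 < subnets_needed:
        subnet_bits += 1

    # The remaining bits number the hosts; all-zeros and all-ones host
    # numbers are not assignable either.
    host_bits = host_field - subnet_bits
    if host_bits < 2 or (1 << host_bits) - 2 < hosts_per_subnet:
        raise ValueError("not enough host bits left for the requested plan")

    # Step 4: network and subnet bits set to one, host bits set to zero.
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    size = 1 << host_bits
    subnets = []
    for number in range(1, (1 << subnet_bits) - 1):
        base = net | (number << host_bits)
        subnets.append({
            "subnet": to_dotted(base),
            "low": to_dotted(base + 1),
            "high": to_dotted(base + size - 2),
        })
    return {"mask": to_dotted(mask), "mask_binary": to_binary(mask),
            "subnets": subnets}


if __name__ == "__main__":
    plan = plan_subnets("193.1.2.0", subnets_needed=2, hosts_per_subnet=62)
    print("Subnet mask:", plan["mask"], plan["mask_binary"])
    for entry in plan["subnets"]:
        print(entry["subnet"], "hosts", entry["low"], "to", entry["high"])
```

Asking for 63 hosts per subnet on the same Class C network raises an error, because only six host bits remain once two bits are taken for the subnet number.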


    3

    NETWARE PROTOCOLS

    This chapter explains the basics of Novell NetWare protocols.

    NetWare Internetworking Protocols

    Novell commands a large share of the networking market and its Internet Packet Exchange (IPX) protocol is also a network layer standard. Like TCP/IP, IPX is a connectionless datagram protocol. Where TCP/IP refers to networked devices as hosts, IPX refers to them as nodes.

    The IPX Protocol

    IPX is Novell's original network layer protocol. As such, it addresses and routes packets from one networked device to another on an IPX internetwork.

    IPX Addressing

    IPX has its own system of internetwork and node addressing. For node addressing, IPX uses the physical address assigned to the specific network interface board within the networked device.

    The IPX network address is made up of three components:

    - a network number

    - a node number

    - a socket number

    Network Number: Each network segment is assigned a unique network number. This number is used to route packets to their destination network. The network number is a 4-byte hexadecimal address and can contain up to eight alphanumeric characters.


    Node Number: The node number identifies the device (node) on the network segment. It is used for local packet transmission. This number is identical to the physical address assigned to the interface board that connects the device to the network.

    Socket Number: The socket number physically directs the packet to a particular process within the device or node. This process is the ultimate destination of the packet. Each process which communicates on a network has a socket number assigned to it. This socket number provides a quick way of routing within the node.

    Novell Routing Information Protocol (NRIP)

    Novell IPX uses NRIP (its own version of RIP called Novell RIP or NRIP) for routing purposes. Although it is similarly named to the IP equivalent, it uses a different protocol. NRIP broadcasts datagrams out onto the network every 60 seconds. Upon receipt of an NRIP datagram, a router adds one to the hop count of each route advertised and broadcasts an NRIP datagram to the other networks with which it is connected.

    The cost of a route in an IPX network is determined by the metric known as ticks. In a LAN only environment this is the hop count plus one, for example, three hops or four ticks. For an internetwork connected via a WAN or ISDN links, the tick count is normally calculated automatically by the IPX routers, based on the speed of the WAN link.

    It should be noted that NetWare 3.X and later versions use the concept of internal IPX addresses, which is somewhat similar to network addressing. The internal address refers to the internal network within that server allowing internal processes to communicate. These numbers must be unique for all servers right across the network. Although network servers may appear wired correctly, and in other respects seem to be working correctly, duplicated internal IPX addresses will not allow correct operation.

    NetWare has a hop count limitation imposed by the NRIP. On an IPX network a data packet can cross a maximum of 15 routers before being discarded.


    Service Advertisement Protocol (SAP)

    Novell also added the Service Advertisement Protocol (SAP) to its IPX protocol family. SAP allows nodes that provide services (such as file servers and print servers) to advertise their addresses and the services they provide. SAPs are broadcast from servers every 60 seconds and routers and servers are obliged to listen to SAP broadcast information, store it in their SAP table, propagate it, and respond to workstation requests.

    NRIP and SAP broadcasts occur every 60 seconds interleaved by 30 seconds. If using ISDN, it is important to ensure that spoofing is enabled to minimize call charges. See IPX/SPX Keepalive Proxy on page 7-10 for further details.


    4

    APPLETALK

    Introduction

    AppleTalk is fundamentally different from TCP/IP because it is theoretically plug-and-play. There is no need to configure network addresses when connecting new devices to an AppleTalk network. However, in order to be plug-and-play, AppleTalk routers and associated devices generate significant network traffic to keep each other informed. AppleTalk is designed for use in networks where the devices are permanently connected. Consequently, it is usually impractical to drop ISDN line connections once AppleTalk devices are connected, and high ISDN call charges are usually the result.

    Some routers use proprietary features to reduce these line costs. These features include spoofing algorithms to allow line connections to be dropped for significant periods during times when no real user data is present. This minimizes the call charges incurred.

    About AppleTalk

    AppleTalk is a networking system protocol available on all Apple Macintosh (Mac) computers and a variety of printer hardware. It is also available on other platforms (for example, UNIX and Windows NT) using various third party shareware and commercial packages. The AppleTalk protocol suite encompasses high level file-sharing using AppleShare, LaserWriter printing services, and print spoolers, in conjunction with lower level data streams and simple datagram delivery.

    The term AppleTalk was originally used for both the protocol and connecting cables. When the protocol was introduced on different media, the simple shielded twisted pair cable used to connect Macs to other Macs or printers was named LocalTalk. AppleTalk via an Ethernet is known as EtherTalk and AppleTalk via a Token-Ring network is known as TokenTalk. AppleTalk data can also be carried within other protocols, such as IP via the Internet. Encapsulation or tunneling methods can be used.

    AppleTalk Addressing

    Devices on AppleTalk networks are known as entities. Each entity on the network has an AppleTalk address consisting of a node number and a network number.

    Network Nodes

    Node numbers can range from 1 to 253 (254 on LocalTalk) and occupy a single byte. Network numbers are 2 bytes long and can range from 1 to 65535. This can also be written in dotted decimal notation as 0.1 to 255.255 and is similar to writing a 4-byte IP address in the form 128.250.1.21.

    Network Numbers

    On EtherTalk and TokenTalk extended networks, a network range may be assigned to the cable. This means that AppleTalk nodes on the cable are free to choose a network number from within the specified range.

    Network ranges may be zero width (0.5 - 0.5), or larger (0.5 - 0.8). Care should be taken to choose a range with sufficient room for future expansion, but without wasting address space that may be necessary when a connection to another AppleTalk internet becomes available.

    Theoretically, the maximum number of AppleTalk nodes that can be accommodated on a single extended network cable is 16,580,355 (65,535 x 253). LocalTalk networks are non-extended and may be assigned only a single network number. The theoretical upper limit for the number of nodes on a LocalTalk network is 254.

    In reality, there are physical limitations on the length of each type of cable and the number of possible electrical connections to it.


    Zone Names

    For convenience, network numbers can be grouped together and described by a zone name. Look-ups for AppleTalk entities in a specific zone generate a lot of traffic, but only on cables that contain those network numbers. A routed network may have up to 255 zones assigned to a single cable. One of these must be denoted as the default zone.

    A Mac on a multiple-zone extended network can reside within any one of the available zones (selected by using the AppleTalk Control Panel with Open Transport, or the Network Control Panel on a Mac with classic AppleTalk networking). Non-routed networks are limited to a single zone name per cable.

    Within a single physical node, different programs or services can open AppleTalk sockets. The full network, node, and socket address is necessary to specify completely the final destination of an AppleTalk packet.

    AppleTalk Named Objects

    To assist in finding and distinguishing between different AppleTalk services, an AppleTalk address can be associated with a descriptive name using Name Binding Protocol (NBP). Each entity or service can register an NBP object name and an object type within a zone. For example, a laser printer might register as:

    MainRIP:LaserWriter@THE-Printers

    Where:

    MainRIP is the object name

    LaserWriter is the object type

    THE-Printers is the Zone Name

    Each of the object, type and zone fields is limited to 32 characters in length.

    An AppleTalk address for MainRIP might be 73.194/250/129. This shows that the printer process running on node 250 on network 73.194 is listening for printing requests on socket number 129.


    A Mac user usually only encounters object and zone names. The Chooser takes care of looking up NBP types and mapping the results to AppleTalk addresses.

    AppleTalk Routers

    An AppleTalk Router allows AppleTalk services visible on one network interface, such as the built-in Ethernet port, to be used by other hosts connected to a different interface, perhaps on a LocalTalk cable plugged into the router printer port.

    Maintaining zone names, looking up NBP names within zones, propagating network routing information, and sending packets between different network interfaces is the responsibility of one or more AppleTalk routers.

    Seed and Non-Seed Mode

    When multiple routers are connected to the same network, they may all be configured with the same network range and zone name information (they are all seed routers). Alternatively, a router may start up in non-seed mode and obtain configuration information from other routers that are already operating. Once running, there is no practical difference between a seed and a non-seed router.

    It is particularly important that all routers connected to a cable have the same configuration information for each of the network range, default zone and zone lists. If this is not the case, then the network may be unpredictable; certain nodes may not be visible or connections may be lost. Many routers handle this potentially serious situation by refusing to start up.

    A non-seed AppleTalk entity that starts up on an extended network initially uses the network number start-up range of 255.0 to 255.254 (65280 to 65534). This network range is used until a router is contacted and the real network range is determined. Network ranges on different physical cables must not overlap, and therefore routers should not be configured with network numbers in the range 255.0 to 255.254.
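The NBP name and the network/node/socket address format from the AppleTalk Named Objects section, together with the rules on cable ranges above, can be checked mechanically. This is an added example, not code from the 3Com guide; the function names and the cable names in the usage are illustrative, and the one-byte socket range is an assumption the guide does not state.

```python
# Added example: validating AppleTalk names, addresses and cable ranges.
MAX_NBP_FIELD = 32               # object, type and zone: 32 characters each
STARTUP_RANGE = (65280, 65534)   # 255.0 to 255.254, used before a router is found


def parse_network(text):
    """Accept '73.194' (dotted) or '18882' (plain); return the 2-byte number."""
    if "." in text:
        high, low = (int(part) for part in text.split("."))
        if not (0 <= high <= 255 and 0 <= low <= 255):
            raise ValueError(f"bad dotted network number: {text!r}")
        number = high * 256 + low
    else:
        number = int(text)
    if not 1 <= number <= 65535:
        raise ValueError(f"network number out of range: {text!r}")
    return number


def parse_nbp_name(name):
    """Split 'object:type@zone' and enforce the 32-character field limit."""
    left, at, zone = name.rpartition("@")
    obj, colon, obj_type = left.partition(":")
    if not at or not colon:
        raise ValueError(f"expected object:type@zone, got {name!r}")
    for label, field in (("object", obj), ("type", obj_type), ("zone", zone)):
        if not 1 <= len(field) <= MAX_NBP_FIELD:
            raise ValueError(f"{label} must be 1 to {MAX_NBP_FIELD} characters")
    return {"object": obj, "type": obj_type, "zone": zone}


def parse_address(text, localtalk=False):
    """Parse 'network/node/socket', for example '73.194/250/129'."""
    network_text, node_text, socket_text = text.split("/")
    network = parse_network(network_text)
    node, socket = int(node_text), int(socket_text)
    max_node = 254 if localtalk else 253
    if not 1 <= node <= max_node:
        raise ValueError(f"node number must be 1 to {max_node}")
    if not 0 <= socket <= 255:   # assumption: socket numbers fit in one byte
        raise ValueError("socket number must fit in one byte")
    startup = STARTUP_RANGE[0] <= network <= STARTUP_RANGE[1]
    return {"network": network, "node": node, "socket": socket,
            "startup": startup}


def check_cable_ranges(cables):
    """cables maps a cable name to (start, end); return a list of problems."""
    problems = []
    seen = {}
    for name, (start, end) in cables.items():
        low, high = parse_network(start), parse_network(end)
        if low > high:
            problems.append(f"{name}: range start is above range end")
            continue
        if low <= STARTUP_RANGE[1] and high >= STARTUP_RANGE[0]:
            problems.append(f"{name}: overlaps the start-up range 255.0-255.254")
        for other, (other_low, other_high) in seen.items():
            if low <= other_high and other_low <= high:
                problems.append(f"{name}: overlaps {other}")
        seen[name] = (low, high)
    return problems


if __name__ == "__main__":
    print(parse_nbp_name("MainRIP:LaserWriter@THE-Printers"))
    print(parse_address("73.194/250/129"))
    # Constructed router configuration with two deliberate mistakes.
    print(check_cable_ranges({"backbone": ("0.5", "0.8"),
                              "lab": ("0.8", "0.9"),
                              "spare": ("255.0", "255.10")}))
```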


    5

    BRIDGING INTERNETWORKS

    This chapter explains the concepts and practical implications of bridging internetworks.

    Introduction

    Bridges and routers were first used to extend the area a network could cover by connecting two adjacent LANs. Both Ethernet and Token Ring LAN topologies specify limits on the maximum distances between devices and a maximum number of stations that can be connected to a single LAN environment. This distance may be increased with the addition of a bridge or router.

    More recently, bridges and routers have been used to segment LANs for performance reasons. When users on a single LAN begin to experience slower response times, the reason is often too much traffic on the LAN. One way of dealing with this is to split a large LAN with many users into several smaller LAN segments, each with fewer users. This increases the routing capacity available to the end user.

    Bridges and routers are both devices used to link different LANs or LAN segments together. Many organizations have LANs located at sites that are geographically distant from each other. By placing a router or bridge on the LANs at two distant sites and connecting them with a telecommunications link, users on one LAN can access resources on the other LAN as if those resources were local.

    Bridging Versus Routing

    Bridging is often looked upon as the poor relation to routing. However, routing and bridging accomplish a similar task in different ways. The primary difference between the two is that bridging occurs at layer two (the datalink layer) and routing occurs at layer three (the network layer) of the OSI reference model (see page 1-1). This means that routing and bridging use different information to move packets from one place to another. Bridges and routers both forward packets of information, but routers also determine the path that these packets take. In practical terms, bridging is generally quicker and simpler to configure than routing. However, routing offers greater resilience and control. For more detailed information on routing, see Chapter 6, Routing Internetworks.

    Bridging Concepts

    The simplest bridged network connects two or more LANs (see Figure 5-1). The interface between the bridge and each LAN segment is known as a port. Each LAN attached to a port is called a network segment.

    Figure 5-1 A Simple Bridged Network

    The local bridge examines each incoming frame and makes a forwarding decision based on the information it contains. When the frame destination is a device on a network segment other than the one on which it was transmitted, the bridge forwards the frame to that port. By forwarding only frames addressed to devices on other segments, bridges increase the effective throughput of the network.

    Bridging and the OSI Reference Model

    Bridging occurs at layer two of the OSI reference model, the link layer. This means that bridges see the network merely as a collection of source and destination addresses. They have no knowledge of the paths between addresses and they do not examine any upper-layer information. This means that they can interconnect incompatible higher level protocols such as TCP/IP and DECnet. This does not mean that a DECnet network can receive a TCP/IP encoded frame, but it can forward it to its destination. Bridges can rapidly forward traffic representing almost any network layer protocol.

    A bridged network has several benefits.

    - More devices can communicate over a bridged network than would be supported on any single LAN connected to the bridge.

    - Bridges extend the effective length of a LAN, allowing remote sites to be connected.

    - The amount of data forwarded by the bridge is kept to a minimum so devices do not receive large amounts of irrelevant data.

    - To some extent, the bridge acts as a firewall for network errors.

    Transparent Bridging

    Transparent bridges are designed to enable frames to move back and forth between two network segments running the same MAC layer protocols. This type of bridging is called transparent because the end stations are not aware of the existence of intermediate bridges. Transparent bridges have three useful capabilities:

    - learning

    - filtering

    - forwarding

    Learning

    A bridge's learning capability allows it to prevent unnecessary traffic from flooding the network. When a bridge is first powered on, it does not know the number or addresses of the devices on the LAN connected to it. In order to function correctly, the bridge must learn this network topology. It does this by examining all incoming frames, and building an address table of all the devices it knows to be on the various segments of the local LAN. All basic bridge functionality involves transactions using this address table (often called the Filter Address Table).

    A bridge examines the source address of each frame it receives. It compares this address to the entries already in the source address table. If the address is not there, the bridge adds it. Using this method, the bridge learns the addresses of all the devices on the network. This learning capability allows new devices to be added to the network without reconfiguring the bridge.

    Filtering

    A bridge allows users to reach any part of the network that they need to, but to minimize traffic on the network, it must be interconnected in such a way that frames are filtered and only those frames that need to pass from one LAN to the other are forwarded across the bridge. Typically, about 80 percent of the frames transmitted on a typical workgroup or department LAN are destined for stations on the local LAN.

    Bridges make a simple forward/don't forward decision on each frame they receive from the LAN. This decision is based on the destination address of the frame. If a frame's destination address is on the same LAN segment as its originating address, it is filtered out and not forwarded across the bridge. If it is destined for an address on another LAN segment, it is forwarded over the bridge. Bridges can filter and forward frames very quickly, making them good for large traffic volumes.

    Bridges can filter frames based on any link layer field. For example, a bridge can be configured to reject all frames from a particular network. Unnecessary broadcast and multicast frames can also be filtered in this way. Data-link information often includes a reference to an upper layer protocol, and bridges can usually filter on this parameter too.


    Forwarding

    Forwarding ensures that a frame takes the correct next step to get where it is going. If the destination address is on a different network segment, the bridge determines which of its ports is associated with that address and forwards the frame to the appropriate port. If the destination address is not in the address table, the bridge forwards the frame to all its ports except the one on which it was received.

    Transparent bridges are not allowed to forward frames containing errors. They must verify checksums and if an error is detected, the frame is discarded.

    Active Loops

    Learning, filtering, and forwarding functions rely on the existence of a single path between any two devices on the network. In simple topologies it is relatively easy to ensure that only one path exists. As the number of connections increases or the network becomes more complex, the probability of inadvertently creating multiple paths or active loops between devices increases dramatically.

    Active loops can be a severe problem for bridge-based networks. The loops can lead to unnecessary duplication of frames and this redundant traffic can quickly degrade overall network performance. Figure 5-2 illustrates a topology containing active loops. Every time Host A sends a frame to Host C a separate instance of the frame is forwarded by each bridge, resulting in two identical frames traversing the network.

    Broadcast Storms

    Broadcast frames are delivered to all devices on the network. They are used by Network Operating Systems to advertise file and print services to clients (for example, IPX's Service Advertising Protocol). A broadcast storm is a burst of this broadcast frame traffic.

    Referring to Figure 5-2, assume that Host A's initial frame is a broadcast. Because there is an active loop on the bridged network, both bridges forward the frame endlessly. This uses all available network bandwidth and blocks the transmission of other packets on both segments.

    Figure 5-2 Active Loops in a Bridged Network

    Incorrect Learning of MAC Addresses

    Using Figure 5-2 again, assume Host A sends a frame to Host C. Both bridges receive the frame on their Network 1 interfaces and learn that Host A is on Network 1. However, when Host C receives two copies of the frame (one from each bridge), both bridges receive the frame again, this time on their Network 2 interfaces, because all hosts receive all messages on broadcast LANs.

    The bridges may relearn the address of Host A as being on Network 2. If this is the case, when Host C replies to Host A's frame, both bridges will reject the frame, because their address tables will indicate that the frame's destination (Host A) is on the same network segment as the frame's source (Host C).

    The problem of active loops can be addressed by using the Spanning Tree Algorithm. This is now a basic part of bridge functionality.
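The learning, filtering and forwarding rules, and the two loop failures described above, can be reproduced with a small model. This is an added example, not code from the 3Com guide; the class, the function names and the MAC addresses are constructed, and the topology assumes two bridges whose port 1 is on Network 1 and port 2 on Network 2, as the text describes for Figure 5-2.

```python
# Added example: a transparent (learning) bridge and the active-loop failures.
BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "02:00:00:00:00:0a"   # constructed addresses
HOST_B = "02:00:00:00:00:0b"
HOST_C = "02:00:00:00:00:0c"


class LearningBridge:
    def __init__(self, name, ports):
        self.name = name
        self.ports = tuple(ports)
        self.table = {}   # address table: source MAC address -> port

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is sent out on."""
        # Learning: remember which port the source address was seen on.
        self.table[src] = in_port
        out_port = None if dst == BROADCAST else self.table.get(dst)
        # Forwarding: broadcast or unknown destination goes to every other port.
        if out_port is None:
            return [port for port in self.ports if port != in_port]
        # Filtering: destination is on the segment the frame arrived from.
        if out_port == in_port:
            return []
        return [out_port]


def single_bridge_demo():
    """One bridge; Hosts A and B on port 1, Host C on port 2."""
    bridge = LearningBridge("B1", (1, 2))
    decisions = [
        bridge.receive(1, HOST_A, HOST_C),   # C unknown: flooded to port 2
        bridge.receive(2, HOST_C, HOST_A),   # A learned on port 1: forwarded
        bridge.receive(1, HOST_A, HOST_B),   # B unknown: flooded to port 2
        bridge.receive(1, HOST_B, HOST_A),   # both on port 1: filtered
    ]
    return decisions, bridge.table


def active_loop_demo():
    """Two parallel bridges: Host A's address is relearned on the wrong port."""
    b1, b2 = LearningBridge("B1", (1, 2)), LearningBridge("B2", (1, 2))
    # Host A on Network 1 sends to Host C; both bridges hear it on port 1.
    out1 = b1.receive(1, HOST_A, HOST_C)
    out2 = b2.receive(1, HOST_A, HOST_C)
    learned = (b1.table[HOST_A], b2.table[HOST_A])
    # Each forwarded copy appears on Network 2, where the other bridge hears it.
    if 2 in out1:
        b2.receive(2, HOST_A, HOST_C)
    if 2 in out2:
        b1.receive(2, HOST_A, HOST_C)
    relearned = (b1.table[HOST_A], b2.table[HOST_A])
    # Host C replies from Network 2; both bridges now filter the reply.
    reply = [b1.receive(2, HOST_C, HOST_A), b2.receive(2, HOST_C, HOST_A)]
    return learned, relearned, reply


def broadcast_storm(rounds):
    """Follow one broadcast from Host A around the loop for a number of rounds."""
    b1, b2 = LearningBridge("B1", (1, 2)), LearningBridge("B2", (1, 2))
    in_flight = [(b1, 1), (b2, 1)]   # (bridge that hears the copy, port)
    forwards = 0
    for _ in range(rounds):
        next_flight = []
        for bridge, port in in_flight:
            for out in bridge.receive(port, HOST_A, BROADCAST):
                forwards += 1
                other = b2 if bridge is b1 else b1
                next_flight.append((other, out))   # port n is on Network n
        in_flight = next_flight
    return forwards, len(in_flight)


if __name__ == "__main__":
    print(single_bridge_demo())
    print(active_loop_demo())
    print(broadcast_storm(10))
```

The copies in flight never drop to zero in `broadcast_storm`, however many rounds are run, which is the endless forwarding the Broadcast Storms section describes.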


    Spanning Tree

    The Spanning Tree Algorithm, sometimes referred to as the Spanning Tree Protocol (STP), creates a set of device to device paths through the network, such that there is only one active or primary path between any two devices. All paths not selected by the spanning tree are temporarily disabled. In other words, the Spanning Tree Algorithm (STA) creates a logically loop free network topology by using certain paths and blocking others. In Figure 5-3 the diagram on the left shows a meshed topology containing loops. The figure on the right shows how a spanning tree can be placed over the meshed topology to automatically eliminate these loops.

    Figure 5-3 Example of Spanning Tree Algorithm

    Spanning tree allows participating bridges to reactivate blocked paths if an existing primary path fails. With this feature, the STA allows networks to recover quickly and automatically if a network device such as a bridge or a section of network cabling fails.

    Spanning Tree Problems

    Although the STA solves many problems, it can also create them for wide area networks. If there are active loops in the long distance part of the network, the STA will disable one or more lines to eliminate them. However, even though a line is disabled, the physical connection remains intact. Because long distance lines are most often leased, network managers who choose bridging as a basis for wide-area internetworking may find themselves paying for long distance lines that are not actually used because they have been disabled by the STA.

    CAUTION: Spanning Tree is recommended for permanent links only. It should not be used in ISDN networks and other semi-permanent connections.


    Token ring and FDDI networks can also implement Source Route bridging. This is an IBM standard that routes frames by specifying forwarding information in the frames themselves.

    Local and Remote Bridging

    Bridges may be either local or remote. Local bridges connect multiple LAN segments within the same local area. Local bridges connect to local transmission media, particularly network backbones. Typical media include coaxial, fiber-optic, and twisted pair cable, so a local bridge may have more than one physical LAN port on it.

    Remote bridges are also known as wide-area bridges. Remote bridges connect multiple LAN segments in different areas. Remote bridges usually use ISDN or telephone lines to connect these remote LAN segments. Remote bridges often only have one physical LAN port on them, with other ports associated with leased line or dial-up WAN link connections.

    They connect to remote access media. There are two basic types of remote access technology. These are discussed in greater detail in Chapter 7, Remote Access Using ISDN.

    Advantages and Disadvantages of Bridging

    Advantages

    When deciding whether to implement bridging on a network, consider the following advantages.

    - Bridges are simple to install. Advanced bridging features can be implemented with minimum configuration.

    - Bridges are transparent to users.

    - Bridge-based internetworks adapt automatically to network changes, and can be modified and reconfigured easily.

    - Bridges can connect networks running different protocols without requiring additional software. They operate below the network layer in the OSI reference model, so it is not necessary for network managers to know in advance which high-level protocols will be used.

    - Some protocols are unroutable, such as DEC's Local Area Transport (DECLAT) protocol which is used for terminal communications. These unroutable protocols must be bridged.

    - Bridges form single logical networks. All of the interconnected network segments have the same network identifier. This means that devices can be moved around within the network without configuring new network addresses for them.

    Disadvantages

    - Bridges cannot load-split over network segments. This means that they cannot take simultaneous advantage of redundant paths in a network.

    - Bridges may propagate significant increases in network traffic at certain times and flood the network. For example, this can occur when a frame with an unknown address is sent out.

    - Bridges cannot prevent broadcast storms. A broadcast storm may occur when certain broadcast protocols cause frames to be flooded to every port. If there is a malfunction or an incorrectly configured parameter, these activity spikes can be severe enough to render the entire network inoperable.

    - Bridges do not provide significant support for fault isolation or other distributed management capabilities. Networks become harder to manage and maintain as their size and complexity increases. Bridges form a single logical network often making fault isolation in very large bridged networks almost impossible.

    - Bridge-based internetworks may require extra attention from network administrators to track what is running on the network and where.

    - Using bridges to connect networks across wide area fixed links (or leased lines) can cause a problem. If the line speed of the wide area link is too slow, applications on the end stations may time out, causing unnecessary retransmission of frames. If this situation is likely to occur, routers should be used for the remote link.


    6

    ROUTING INTERNETWORKS

    This chapter explains the concepts and practical implications of routing internetworks.

    Introduction

    Like bridges, routers consolidate two or more networks into an internetwork. Unlike bridges however, routers maintain the logical identity of each network segment. Therefore, an internetwork based on routing consists of many different logical subnetworks, each of which is a potentially independent administrative domain.

    Routers are more complex than bridges. They use the Network Layer Protocol information within each packet to route it from one LAN to another. The router must be able to recognize all of the different Network layer protocols which may be used on the networks it is linking together. This is where the term multiprotocol router comes from: a device that can route using many different protocols. The most common multiprotocol routers route IP and IPX. Routers share information with each other allowing them to determine the best route through a network that links many LANs.

    Routing Concepts

    Whilst a bridge examines all frames sent on its attached network segments, a router receives only packets specifically addressed to it. This means that routers have more decisions to make than bridges, and they need more information with which to make them. This additional information is contained in the router's routing tables.

    A router has two basic functions.

    - It must create and maintain the routing tables.

    - It must select the next leg of the journey for each packet it processes. This path is selected based on the information contained in the packet and in the routing table appropriate to that packet.

    Routing Tables

    A routing table contains a variety of information including destination/next hop associations and path desirability. Next hop associations tell a router that a particular destination can best be reached by sending the packet to a specific router which represents the next hop on the way to the final destination. When a router receives a packet, it examines the destination address and associates it with an appropriate next hop.

    Path desirability concerns the most efficient path a packet can take. The source and destination routers compare routing metrics to determine the most desirable path between them.

    A routing metric is a standard of measurement used by routing algorithms to determine the most efficient path to a particular destination. Routing algorithms store route information in routing tables. This information varies with the routing algorithm used.

    Routers communicate with each other by sending messages. These messages include routine updates to routing tables. By analyzing these updates, each router on the network learns the network topology and updates its own routing tables accordingly. This process occurs automatically. The Routing Information Protocol (RIP) is most commonly used for this.

    Static Routes

    The network administrator can define static routes if necessary (for example, if a particular routing policy needs to be enforced). Static routes force traffic through the network in a specific way.

    The disadvantage with static routing is that if the network links in the routing definition are down, traffic cannot be passed. The implementation of a static route prohibits the router from offering an alternative data path.

    Switching

    Switching algorithms are similar for most routing protocols. A host determines that it must send a packet to another host. The source host sends a packet to a router's physical (MAC) address, but with the protocol (network) address of the destination host.

    The router examines the packet's destination protocol address to determine whether it knows how to forward the packet to the next hop. If the router knows how to forward the packet, it changes the destination physical address to that of the next hop and forwards the packet. If the router doesn't know how to forward the packet, it drops it.

    The packet is forwarded in this way until it reaches its final destination. Although the packet's physical address may change many times, its protocol address remains the same.
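
    The forwarding step described above, as an added example (not code from the guide): each router rewrites only the destination physical address and drops packets for which it has no route. The Router class, the MAC and IP values and the hop guard are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed addresses: locally administered MACs, documentation IP ranges.
R1_MAC = "02:00:00:00:00:01"
R2_MAC = "02:00:00:00:00:02"
HOST_B_MAC = "02:00:00:00:00:0b"


@dataclass(frozen=True)
class Packet:
    dst_mac: str   # physical address: rewritten at every hop
    dst_ip: str    # protocol address: unchanged end to end


class Router:
    def __init__(self, mac, routes):
        self.mac = mac
        # destination network -> physical address of the next hop
        self.routes = [(ipaddress.ip_network(net), hop) for net, hop in routes]

    def forward(self, pkt):
        """Return the packet readdressed to the next hop, or None if dropped."""
        if pkt.dst_mac != self.mac:
            return None        # a router only handles packets addressed to it
        dst = ipaddress.ip_address(pkt.dst_ip)
        for net, next_hop_mac in self.routes:
            if dst in net:
                return replace(pkt, dst_mac=next_hop_mac)
        return None            # no matching route: drop


def deliver(pkt, routers, max_hops=15):
    """Walk a packet hop by hop; return (MAC trail, final packet or None)."""
    trail = [pkt.dst_mac]
    for _ in range(max_hops):          # guard against routing loops
        router = routers.get(pkt.dst_mac)
        if router is None:
            return trail, pkt          # addressed to an end station: delivered
        pkt = router.forward(pkt)
        if pkt is None:
            return trail, None         # dropped by a router
        trail.append(pkt.dst_mac)
    return trail, None


ROUTERS = {
    R1_MAC: Router(R1_MAC, [("198.51.100.0/24", R2_MAC)]),
    R2_MAC: Router(R2_MAC, [("198.51.100.0/24", HOST_B_MAC)]),
}

if __name__ == "__main__":
    print(deliver(Packet(R1_MAC, "198.51.100.7"), ROUTERS))
    print(deliver(Packet(R1_MAC, "203.0.113.9"), ROUTERS))
```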

    Routing and the OSI Reference Model

    Routing generally occurs at layer three of the OSI reference model, the network layer. It involves two basic activities: the determination of the best path (routing) and the transport of information over the network (switching). Switching is relatively straightforward, but determining a path can be complicated.

    Routers do not connect at the data link layer of the OSI reference model, so they can connect network environments which have dissimilar addressing structures (assuming they have interfaces to each LAN type).

    Routers are visible to end stations. This allows them to control the flow of traffic from a transmitting station to a receiving station. If the transmitting station sends packets faster than the receiving station can store them in its buffer, some routers may also be able to signal the transmitting station to stop or slow the transmission, thus controlling the flow and avoiding congestion.

    Bridge/Router

    Many vendors have created devices that mix bridging and routing technology together in a single system. A bridge/router can act as both a bridge and a router at the same time. Few pure routers are available, because there will always be a need to bridge unroutable protocols.

    Figure 6-1 illustrates how a multiprotocol bridge/router processes the packets that it receives.

    Figure 6-1 Multiprotocol Bridge/Router

    TCP/IP traffic is sent to the IP routing module for processing. Routing is based on the destination IP address contained in each packet.

    IPX traffic is sent to the IPX routing module for processing. Routing is based on the destination network number contained in each packet.

    All other traffic (frames) is sent to the bridge module for processing. Forwarding is based on the destination MAC layer address contained in the frame. The bridge module does not examine the network protocol address.

    Routing Protocols

    Routers communicate with each other through protocols that operate at the network layer level. These routing protocols determine whether routing tables are static or dynamic, whether link-state or distance-vector routing is used, and other variables that pertain to communication between routers.

    Most routers are dynamic, building and maintaining their routing tables automatically. Often, the facility for a network administrator to manually add defined static routes is also available.

    IPX Routing

    Routing on a Novell network is through the Internet Packet eXchange (IPX) protocol suite. The routing protocol is called Novell Routing Information Protocol (NRIP). NRIP-IPX uses distance-vector routing and the maximum number of hops is configured on each router with the default set at 15. Each end station must send an NRIP request to determine which router is best for a desired network. Novell distinguishes between internal routers (those that exist as software on a NetWare server) and external routers (those that are standalone dedicated routers).

    Novell also offers a routing protocol called NetWare Link Services Protocol (NLSP) which uses link-state routing. NLSP addresses some problems caused when using NRIP-IPX. For example, the volume of overhead generated from NLSP is much less than from NRIP-IPX.

    IP Routing

    The TCP/IP protocol suite contains a large number of standards-based protocols. Routing protocols include Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP). Although IP does not use distance-vector routing, it does impose a 15 hop restriction on routes.

    Advantages

    • Routers can eliminate traffic on a network because they do not forward broadcast packets from one segment to another.

    • Routers are generally more flexible than bridges. They can differentiate between different paths based on factors such as cost, line speed, and line delay, and can be configured (for example) for equal-cost load splitting. Router-based networks may be customized to more closely reflect business requirements.

    • Routers can provide a protective firewall between subnetworks. This prevents incidents that occur within one subnet from affecting others, and makes large routed networks easier to maintain than their bridge-based equivalents.

    • Router-based networks support any topology, and can more easily accommodate greater network size and complexity than similar bridged environments.

    • Routers provide and can take advantage of redundant network paths, allowing them to load split certain applications, helping to ensure that available bandwidth is optimally exploited. Bridges cannot normally do this because the spanning tree algorithm has to be applied and it blocks redundant paths.

    • Some routers can translate packets from one data link layer protocol (such as Ethernet) to another (such as Token Ring) much more easily than bridges can. These are sometimes called gateway routers.

    Disadvantages

    • Routers are protocol-dependent devices, so they require software for each protocol they run.

    • The more protocols a router supports, the more knowledge network administrators must have to configure and troubleshoot the router. Personnel with adequate training may not always be available.

    • If it is running a static protocol, configuring a router can be a laborious, time-consuming process.

    • Some protocols that operate below the network layer are not routable and must be bridged.

    • Troubleshooting and diagnostics on a routed network require a much higher level of expertise than that needed for an equivalent bridged network.

    7

    REMOTE ACCESS USING ISDN

    This chapter provides an introduction to the basic concepts of ISDN. It describes and illustrates how ISDN can be used for remote access purposes.

    Introduction

    Integrating voice and data networks can reduce costs and expand capabilities. Integrated access to voice, video, and data services also provides access for applications such as desktop videoconferencing.

    ISDN (Integrated Services Digital Network) offers many benefits for organizations where data applications use public switched telephone network facilities. These benefits make ISDN particularly attractive for small regional and international branch sites that need to connect to central enterprise networks and to one another.

    • ISDN can carry multiple services (voice, video, and data) on a single network over existing twisted-pair copper wire, so telecommunications service providers and subscribers can dramatically reduce their infrastructure and maintenance costs.

    • Basic Rate Interface (BRI) ISDN provides much higher bandwidth than analog modem-based solutions. Using ISDN compression ratios from 2:1 to 4:1, it is possible to deliver effective transmission rates ranging from 256 Kbps to 632 Kbps.

    • ISDN provides a clearer, less noisy voice telephone service, with the built-in security advantage of digital transmission and managed by easy-to-use call control features (dependent on the access devices used).

    • Remote users working from home or on the road can use high-speed ISDN to access critical central site resources at higher performance levels.

    • ISDN caller identification features can enable some ISDN access devices to screen incoming calls based on the caller's phone number ID, and accept or reject the call based on user-specified preferences. It can link to a directory and forward the call accordingly, or map to a database to pull the caller's record. It can even bypass the local site and link the call to a remote-site IP address for routing purposes.

    • A dynamic bandwidth allocation feature included in some ISDN access devices can aggregate data channels in real time to accommodate even the most bandwidth-intensive applications.

    • An ISDN connection can act as a low-cost backup for a leased line on a "pay only for use" dial-up connection basis with line speeds comparable to current T1/E1 leased lines (where ISDN Primary Rate Interface services are employed with up to 30 B-channels). ISDN eliminates the expense of a second leased line that may go unused.

    • ISDN can handle multiple devices on a single line. Up to eight telephones, computers, workstations, faxes, credit card readers, cash registers, or other devices that are connected via an ISDN access device (or are ISDN compatible in themselves) can be directly attached to a single ISDN line.

    Although several devices can be supported on a single line, only two simultaneous connections can be supported on BRI ISDN.

    • ISDN's end-to-end digital transmission delivers more accurate and reliable connectivity than analog technology. It normally has lower error rates and fewer dropped connections.

    • ISDN's technology provides quicker connect times to better support LAN protocols such as IP and IPX, which require lower latency across the connection. This is particularly useful for Internet and other on-line services as well as in retail credit verification applications.

    • ISDN interoperates with other WAN services such as existing analog services, X.25, Frame Relay, Switched Multimegabit Data Service (SMDS), and higher-speed services like ATM.

    • ISDN can provide dial-up access for IBM users: for example, cluster controller to front-end processor (FEP) links and inter-FEP links at T1 channel extension rates.

    • Attractive tariffs and expanded availability make ISDN a cost-effective alternative to private leased lines for low- and high-speed data networking.

    How ISDN Works

    In an analog network, a two-wire loop from the telephone company's local exchange to the customer premises supports a single transmission channel which can carry only one service (voice, data, or video) at a time. With ISDN, this same pair of twisted copper wires is logically divided into multiple channels.

    ISDN Logical Channels

    ISDN defines two types of logical channels. They are distinguished by both function and capacity:

    • B (bearer) channels operate at 64 Kbps and carry circuit-mode or packet-mode user information such as voice, data, fax, and user-multiplexed information streams. All network services are available through B channels.

    • The D (data) channel operates at 16 Kbps for BRI and 64 Kbps for PRI. It carries call signaling and setup information to establish a network connection, request network services, route data over B channels, and close the call when complete. This information is designed to travel through a totally separate, dedicated communications network from the bearer channels. It is this out-of-band signaling network that gives ISDN faster connection times: from one to four seconds, as opposed to 10 to 40 seconds for analog dial-up lines. On some ISDN networks (where the service provider allows) bandwidth not required for signaling and control on the D channel can be used to transport user packet or frame data when needed.

    Figure 7-1 BRI and PRI Interfaces

    ISDN User Interface Standards

    Users connect to ISDN by means of a local interface to a "digital pipe." ISDN supports digital pipes of various sizes to satisfy different application needs. For example, a residential user might require enough capacity to handle a telephone and a PC. However, a remote site connecting to ISDN via an on-premises private branch exchange (PBX) or a bridge/router might require a higher-capacity pipe. At different times, the pipe might use varying numbers of channels, up to its capacity limit.

    The ITU-TSS has defined two ISDN user interface standards:

    • The Basic Rate Interface consists of two B channels and one D channel for signaling (2B+D).

    • The Primary Rate Interface is a 30B+D interface (23B+D interface in North America and Japan). It is the ISDN equivalent of the 2.048 Mbps (or 1.544 Mbps) interface over a T1/E1 line or trunk; the physical layer is identical for both. The D channel is channel 16 (or 24) of the interface, and it controls the signaling procedures for some or all of the B channels.

    ISDN for Remote Access

    Interconnected LANs may be in the same geographic area or they may be separated by great distances. When they are geographically distant, they are connected into a Wide Area Network (WAN). There are numerous methods of creating a WAN for remote access, but they all fall into one of two categories: dedicated or switched.

    Dedicated access provides a constant data transmission path between two specific points. This is typically in the form of a leased or private line. The line is always available, and large amounts of data can be sent 24 hours a day if necessary. However, the cost is high: the connection costs the same whether it is used 24 hours a day or just one hour a day. In practice, many costly leased lines are only used for a short time each day.

    Switched access provides a connection between any two points on an as-needed basis. An ISDN line or a standard analog telephone line can be used to provide switched access. Anywhere can be accessed as and when needed. Switched access is a low-cost solution for intermittent users: the cost is normally based on the line time used plus a fixed rental charge. However, the cost will often exceed that of a dedicated leased line if the connection is used for 24 hours per day.

    ISDN can be used as the sole means of remote access or as a backup if the permanent leased line has failed.

    Primary Link Backup

    In this application, the bridge/router normally communicates with the central site via a dedicated fixed link such as a leased line. If the fixed link fails, the router automatically uses the ISDN line to dial up the central site and resume communications. When the fixed link is restored, the ISDN link is automatically terminated. See Figure 7-2.

    Figure 7-2 ISDN as Backup to a Leased Line

    Dial on Congestion

    This application is similar to the fixed link backup. The bridge/router normally communicates with the central site via a dedicated fixed link such as a leased line. When network traffic exceeds the available bandwidth, the bridge/router automatically uses the ISDN line to provide additional bandwidth (bandwidth top-up). When traffic levels fall below a programmed level for a set time, the bridge/router automatically terminates the ISDN call and all traffic returns to the fixed link. See Figure 7-2.

    Dial-on-Demand

    In this application the bridge/router has no dedicated connection to the central site. The bridge/router only calls the central site via ISDN when there is data to be transmitted. When the connection has been established, it can be held open for other traffic. If there is no traffic for a programmable amount of time, the bridge/router drops the call. See Figure 7-3.

    Figure 7-3 Dial-on-Demand

    Telecommuting

    Working at home provides many benefits to both the employee and the employer. The benefits of telecommuting are possible using widely available applications that BRI ISDN can support. The applications include remote LAN-access, file transfer, terminal emulation, and screen sharing applications. The ISDN line can also support simultaneous voice applications.

    In Figure 7-4, the telecommuter connects both a PC and an analog phone to the bridge/router. The bridge/router uses both B channels for data unless there is an incoming or outgoing voice call. When a voice call is in progress, the bridge/router uses a single B channel and the voice call uses the other one. This enables the telecommuter to have a single incoming voice/data line.

    Figure 7-4 Telecommuting

    Security Management

    Implementing ISDN access to a private network opens that network to potential unauthorized access. To minimize this threat, some ISDN access devices allow a security procedure to be implemented using the PPP link protocol. Two such procedures are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Needless to say, these security features do add an overhead in the data volume when operating and extra calls are established.

    PAP

    PAP provides one-way authentication of the remote bridge/router calling into a central site. The remote bridge/router gives a user name and password to be validated by the central site bridge/router.

    CHAP

    CHAP uses three-way handshake authentication. One side of the connection initiates the challenge with a key to a secret. This secret is used to determine a response which is encoded and sent back to the initiator. The response is evaluated and either accepted or rejected. Additional challenges may be issued throughout the session to confirm that the caller is valid. The nature of the challenge is random to avoid duplication of response.
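
    The PAP and CHAP exchanges described above, as an added example (not from the guide or any 3Com product): it shows the password travelling inside the PAP frame, and a captured CHAP response failing against a fresh random challenge. It assumes the MD5 response calculation of RFC 1994 and the Authenticate-Request layout of RFC 1334, which the guide does not spell out; the names, the secret and the CentralSite class are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def pap_authenticate_request(ident: int, name: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): the password is in the frame itself."""
    body = bytes([len(name)]) + name + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5 over identifier, secret, challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class CentralSite:
    """Authenticator side: issues random challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets      # caller name -> shared secret
        self.next_id = 0
        self.pending = {}           # identifier -> challenge awaiting a response

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)    # fresh and unpredictable
        return ident, self.pending[ident]

    def verify(self, ident, name, response):
        challenge = self.pending.pop(ident, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def demo():
    # Constructed credentials for the remote bridge/router.
    name, secret = b"branch-router", b"constructed-shared-secret-for-this-example"
    site = CentralSite({name: secret})

    # Three-way handshake: challenge, response, accept or reject.
    ident, challenge = site.challenge()
    response = chap_response(ident, secret, challenge)
    chap_wire = challenge + response
    legit = site.verify(ident, name, response)

    # Re-challenge later in the session: the old response no longer matches.
    ident2, _ = site.challenge()
    replay = site.verify(ident2, name, response)

    # A caller that does not hold the secret is rejected.
    ident3, challenge3 = site.challenge()
    wrong = site.verify(ident3, name, chap_response(ident3, b"guess", challenge3))

    pap_frame = pap_authenticate_request(1, name, secret)
    return {
        "legit": legit,
        "replay": replay,
        "wrong_secret": wrong,
        "secret_in_pap_frame": secret in pap_frame,
        "secret_in_chap_exchange": secret in chap_wire,
    }


if __name__ == "__main__":
    print(demo())
```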

    Minimizing Costs

    ISDN lines are normally charged by connection time (plus a fixed rental). However, the LAN protocols used with them were developed for the local environment where bandwidth is essentially free. Bridge/routers with ISDN interfaces must not only connect to the ISDN network to route the data, but must also optimize the use of that network to minimize connection charges.

    Data Filters

    Although there may be many devices on a remote network, some of these devices may never need to connect to any other location. Filters in some ISDN bridge/routers can be used to allow only authorized users to contact a remote connection.

    Data Compression

    When a remote connection has been established, it is practical to maximize the use of the available bandwidth. A bridge/router with data compression can transport up to four times more data across a 64 Kbps ISDN link than a basic ISDN terminal adapter. Data compression does not always speed the transmission of data. It is therefore important to have a bridge/router which allows data compression to be switched on and off.

    IPX/SPX Keepalive Proxy

    Novell is a very chatty protocol with the file server sending a message to each remote client terminal every five minutes when there is no actual user communication. In a network where bridge/routers are using ISDN as the transport, these keepalive messages can increase the monthly connection charges significantly. Bridge/routers should implement a spoofing protocol whereby the bridge/router responds to the keepalive messages sent from the file servers without actually bringing up the ISDN connection.

    Demand RIP for IP/RIP and SAP for IPX

    Normal routing protocols cause bridge/routers to communicate with their neighbors to determine which paths are available to transmit data. This is done via periodic messages sent throughout the network. Most often, nothing has changed in the network and the messages do not convey any new information. Bridge/routers should implement either static routing or demand RIP/SAP. Demand RIP/SAP only sends routing and service updates when there is a change in topology or the status of a particular service changes. This minimizes ISDN connection charges since change information is only sent across the network when an ISDN connection is up.

    Multilink PPP

    This feature allows a bridge/router to dial up additional ISDN B channels when there is a large amount of data traffic to be sent across the network. The additional bandwidth shortens the transfer time and improves interactive performance.

    Some ISDN bridge/routers are capable of building and collapsing scalable pipes across ISDN. In this case, users are only charged for the bandwidth needed to support their applications when it is actually needed.

    Timebands

    Timebands allow users to establish certain times at which calls are to be automatically placed to particular destinations. Typically, calls can be scheduled at different times of the day for different days of the week. The call duration can also be specified.

    Tokens

    Tokens enforce a maximum call use over a given time period, typically a month, to control ISDN usage and line charges.

    Priority Queuing

    Packets are generally queued for transmission onto the WAN. Using priority queuing, each session is allocated its own queue and these queues are serviced in a round-robin manner. This prevents a bandwidth-hungry application (such as an FTP session) from starving other processes of bandwidth.

    Queues can be organized by IP address or protocol and flexible prioritization schemes can be used to give certain hosts or applications priority.

    GLOSSARY

    10Base2

    An IEEE standard for using IEEE 802.3 protocol at 10 Mbps over thin Ethernet cable.

    10Base-T

    An IEEE standard for using IEEE 802.3 protocol at 10 Mbps ov